Spam on register page, and recaptcha disappear

4 个月 前
Goodmorning everyone,

I am receiving a lot of fake registrations on my version of nopCommerce 3.7, I have no possibility at the moment to upgrade to a newer version.

I enabled recaptcha from the Security tab by entering the keys provided by Google. But when I try to register it asks me to insert the characters present in the image, but the control field where I have to insert the image value is not visible.

How can I solve?

Thanks so much
4 个月 前
nopCommerce 3.7 is old;  I believe the version of reCaptcha that it uses is no longer available.
You could check the System > Log to see if you see a message to that effect.  (Or maybe you need to look for warnings in the browser developer tools [F12] console).

Here's a SQL query I use on older systems to delete spammy customers.  (Although I've not tried it with 3.70.)  
As-is, it will show you the suspect customers.  Then you can remove the comment indicator "--"  from the "--delete" line and add it to the "select *" line (i.e. make it "--select *"), and  it will delete the customers.

with del as
(
    select Id, Email, CreatedOnUtc, Active, Deleted, LastIpAddress
      from customer c
     where CreatedOnUtc > GETUTCDATE()-1
       and CreatedOnUtc = LastActivityDateUtc
       and Email is not null
       and not exists (select  1 from [Order] o where o.CustomerId = c.Id)
       and exists (select 1 from GenericAttribute ca where ca.EntityId = c.Id and ca.[Key] = 'LastVisitedPage' and (ca.value like '%/register%'))
)
--delete customer where Id in (select Id from del)
select * from del


(you can adjust that GETUTCDATE()-1 as needed, and  then create a SQL Server scheduled job to run the query periodcally)
4 个月 前
Yeah, Google reCaptcha is compromised.  I have a few other sites (not NopCommerce) and it pretty much sucks anymore.
1 个月 前
Hi, perhaps everybody knows that goolge recaptcha is not working in China, any solutions for substitution of this for security reasons?
Thanks,
1 个月 前
anthonycma wrote:
Hi, perhaps everybody knows that goolge recaptcha is not working in China, any solutions for substitution of this for security reasons?
Thanks,


Hi.
Try to use another reCAPTCHA base URL, see details here.